wilson2468
Technical User
I cannot find the problem.
I am trying to create a DMZ on a PIX 515E 7.1.
The Interface is up, but there are no hosts in the DMZ; I am just trying to ping the Interface from an Inside network at the moment.
Debugs show the ICMP packets getting to the interface, but they do not return to the machine in the Inside network they are originating from.
I am not sure of the exact logic, but believe:
To let traffic flow from a high security level to a lower level, use the nat and global commands. Here is what I have:
(Inside Interface is actually 10.10.154.0, on a Cisco 4503, but the packet will originate from a 10.10.151.0 network)
nat (DMZ_1) 1 172.30.100.0 255.255.255.0
global (DMZ_1) 1 172.30.100.100-172.30.100.254 netmask 255.255.255.0
For the opposite direction, from lower to higher, use the static and access-list commands:
static (inside,DMZ_1) 10.10.151.0 10.10.151.0 netmask 255.255.255.0
access-group DMZ_1_access_in in interface DMZ_1